The Linux kernel introduces the memory control group (memcg) to account for and confine memory usage at the process level. Due to its flexibility and efficiency, memcg has been widely adopted by container platforms and has become a fundamental technique. While critical, memory accounting is prone to missing-account bugs because of the diverse memory accounting interfaces and the massive number of allocation/free paths. To our knowledge, there is still no systematic analysis of the memory missing-account problem with respect to its security impacts, detection, etc. In this paper, we present the first systematic study of the memory missing-account problem. We first perform an in-depth analysis of its exploitability and security impacts on container platforms. We then develop a tool named MANTA (short for Memory AccouNTing Analyzer), which combines static and dynamic analysis techniques to detect and validate memory missing-account bugs automatically. Our analysis shows that all container runtimes, including runC and Kata Containers, are vulnerable to memory missing-account-based attacks. Moreover, memory missing-account can be exploited to attack Docker, CaaS, and FaaS platforms, leading to memory exhaustion that crashes an individual node or even the whole cluster. Our tool reports 53 exploitable memory missing-account bugs, 37 of which were confirmed by kernel developers with the corresponding patches submitted, and two new CVEs were assigned. Through the in-depth analysis, automated detection, the reported bugs, and the submitted patches, we believe our research improves the correctness and security of memory accounting for container platforms.
| Field | Value |
|---|---|
| Original language | English (US) |
| Title of host publication | Proceedings - 38th Annual Computer Security Applications Conference, ACSAC 2022 |
| Publisher | Association for Computing Machinery |
| Number of pages | 12 |
| State | Published - Dec 5 2022 |
| Event | 38th Annual Computer Security Applications Conference, ACSAC 2022 - Austin, United States. Duration: Dec 5 2022 → Dec 9 2022 |
| Name | ACM International Conference Proceeding Series |
| Conference | 38th Annual Computer Security Applications Conference, ACSAC 2022 |
| Period | 12/5/22 → 12/9/22 |
Bibliographical note

Funding Information:
The authors would like to thank all reviewers for insightful comments. This work is partially supported by the National Natural Science Foundation of China (Grants No. 62002317), by the National Key R&D Program of China (Grant No. 2020AAA0107700), by the Leading Innovative and Entrepreneur Team Introduction Program of Zhejiang (Grant No. 2018R01005), and by the Ant Group Funds for Security Research.
© 2022 ACM.
- Cloud infrastructure
- DoS attack
- Linux kernel
- memory accounting